Cloud security is at the confluence of the two fastest growing sectors in tech: cloud (which businesses need to scale their operations) and security (which they need to gain customer trust).
This makes it an ideal choice for a career in 2023 and beyond, particularly if you’ve previously had a technical role on a product team. Cloud security is by no means an entry-level role as we’ll see in this ebook, but it’s quickly becoming a point of focus for forward-thinking engineering teams
One of the markers of a promising career path is to see how quickly the industry is growing. Cloud has gone far beyond the ‘disruptive’ phase in tech to being downright essential to the survival of hundreds of thousands (if not millions) of businesses globally.
As more employers prioritise going all-in on cloud, employment opportunities for cloud security will only grow more lucrative. Even today, the demand for skilled cloud security professionals is far outstripping supply.
While the cloud and cloud security markets are seeing dizzying levels of expansion, the number of high-skill workers is nowhere close to meeting the demand. In fact, a 2022 survey showed that nearly 40% of technologists across various industries say one of their largest skills gaps is in cloud security.
In 2023 and beyond, these are the skills that will determine how valued you are at any company you choose to work at.
Cloud remains one of the most important skills in this regard. Going into 2023, IT leaders find cloud and cybersecurity roles the hardest to find skilled talent for.
If you’re worried about getting laid off from your job, bolstering your skill set with cloud security can help with both horizontal and vertical mobility at your workplace. Conversely, if you’ve been laid off recently and are looking to get back in the job market, a fresh new set of skills will be impossible to miss on your resume.
If you’re going to be in one of the most high-demand roles in all of tech, you deserve to be paid like it. As of early 2023, the average cloud security engineer in the US makes nearly $150,000 a year. In fact, compensation across many security roles is on average higher than other technical roles on the product team.
At the junior level, cloud security engineers spend most of their time responding to alerts from various tools the team has set up across the cloud infrastructure.
The senior level engineer is actually implementing these tools and systems. They are responsible for setting up, configuring, and deploying these various tools in the cloud, conducting security assessments and audits.
A lead cloud security engineer has a more ‘big picture’ role on the team. They’re the ones identifying critical security gaps in the organisation’s cloud environment, and exploring viable solutions to fill those gaps.
Cloud security is one of those disciplines that requires a cross-section of skills across a variety of fields, from application security, to DevSecOps, to cryptography, to network security architecture.
Competitors like Azure and GCP offer similar services, but they operate on different principles and have unique features. As a cloud security engineer, you’ll need to be familiar with many of these services, the security controls they offer, and how they affect your application.
Security automation is the most prominent use case for programming. It’s pretty much impossible to rely purely on manual testing today, with cloud environments growing in complexity and teams rapidly releasing software, sometimes multiple times a day.
Learning to code can also give you a deeper appreciation for the constraints the engineering team faces in building and fixing apps. Not to mention, it makes it easier for you to communicate your security findings to developers in a way they understand.
The biggest source of vulnerabilities in a cloud environment come from security misconfigurations. These range from insecure secrets management, lack of input validation—or perhaps most importantly—identity and access management controls.
You’ll be expected to implement features like MFA and federated access across your organisation’s infrastructure, monitor the cloud environment for suspicious activity, manage permissions and access policies, and more.
DevSecOps lets you integrate security processes right into the software cycle without slowing or disrupting the pace of development. As a cloud security engineer, you’ll be expected to work with the rest of the product team to seamlessly incorporate security testing, reporting, and audits into the DevOps pipeline.
Security automation is the central pillar of DevSecOps, and when your team is releasing software at a rapid pace, this is the only way to ensure new builds are tested and fixed before going to production
(And don’t miss our Beginner’s AWS Security Learning Roadmap at the end the book!)